Guess what? With the creation of the Route 53 resolvers and the rules, we have successfully created a flexible DNS querying environment.
At this point, we need an environment that can act as an on-prem environment. One way to create such an environment is to:
* Create a brand new VPC with a completely different CIDR and name it on-prem.
* After the new VPC has been created, create a VPC peering connection with the DNS VPC and make sure that the VPC route tables are updated so the VPCs can talk to each other.
* In the on-prem VPC, create a MS Active Directory server in an EC2 instance. Use the AWS Quick Starts for Active Directory.
* Create a new domain example.com and enter a few entries (such as test1.example.com, test2.example.com) in the Active Directory server.
* Ensure that the AD server is also able to resolve.
* Update the conditional forwarding rule named default-resolution in Route 53 resolver and update the target IP address to be that of the Active Directory server.
1. Launch an EC2 instance in the DNS VPC.
2. From the EC2 instance, ensure that the following command executes successfully:
If the name resolves correctly, then we know that the rule that we created for "." is working.
3. Create a VPC endpoint (any endpoint will do) via the VPC console (under Endpoints). Ensure that "Enable DNS name" is checked.
4. Within the VPC console, select the VPC endpoint created above and bring up its details. It should look like below.
5. Try to resolve (via the host command) each of the DNS names highlighted in the red box.
Resolving those DNS names MUST return private IP addresses. Returning private IP addresses means the forwarder rule amazon-aws is working.
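The step 5 check, scripted so it can be repeated for every endpoint DNS name: this is an added example, not from the original post. It assumes dig is installed on the EC2 instance and that "private" means RFC 1918 space (10/8, 172.16/12, 192.168/16), which covers the usual VPC CIDRs.

```shell
#!/bin/sh
# Added example (not from the original post): verify that names resolve to
# RFC 1918 private addresses, as the amazon-aws forwarding rule should produce.

# is_private_ip ADDR -> exit 0 if ADDR is a valid IPv4 literal in RFC 1918 space
is_private_ip() {
    addr=$1
    # reject anything that is not digits separated by single dots
    case "$addr" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # positional parameters are local to the function
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# all_private ADDR... -> exit 0 only if there is at least one address and every
# one of them is private (an empty answer is a failure, not a pass)
all_private() {
    [ $# -gt 0 ] || return 1
    for a in "$@"; do is_private_ip "$a" || return 1; done
    return 0
}

# check_name NAME -> query the VPC resolver for NAME's A records and report
# whether the amazon-aws rule returned private endpoint addresses (needs network)
check_name() {
    name=$1
    # dig +short prints one answer per line; keep only IPv4 literals (drops CNAME hops)
    addrs=$(dig +short A "$name" | grep -E '^[0-9]+(\.[0-9]+){3}$')
    if all_private $addrs; then   # word-splitting addrs into arguments is intended
        echo "OK   $name -> $(printf '%s ' $addrs)(private: amazon-aws rule is forwarding)"
        return 0
    fi
    echo "FAIL $name -> ${addrs:-<no A records>} (public or empty: inspect the amazon-aws rule)"
    return 1
}

# Usage: sh check_endpoint_dns.sh <endpoint DNS name> [...]; exits 1 if any check fails
failed=0
for n in "$@"; do check_name "$n" || failed=1; done
[ "$failed" -eq 0 ] || exit 1
```

Run it with the DNS names shown in the endpoint details; a FAIL line for a name that resolves publicly means the query is not being forwarded by the amazon-aws rule.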